Quest CEO Blog | Data Security

 

Quest CEO Blog

Thoughts on Technology, Business and the Management of Both.

 

Data loss prevention’s 3 fronts

by Tim Burke
Thursday, April 12, 2012

As I described last time, data loss prevention (DLP) technology discovers and identifies sensitive data in order to monitor, control, and secure it. This occurs on three fronts:

 

  • On the network (data in motion). These types of DLP solutions are installed at network egress points and analyze network traffic to detect transmission of sensitive data that violates corporate security policy.
  • In storage environments (data at rest), where the DLP solution discovers the presence of sensitive data in the wrong places, notably unsecured locations (e.g., open file shares).
  • At endpoints like desktops, notebooks, or other end-user systems (data in use). Endpoint DLP can control the movement of sensitive data between users and the transmission and storage of email and instant messages. It can also monitor and control access to physical devices, such as mobile device data stores, and provide application controls that will block attempted transmissions of sensitive data.

 

More...


When threats come from the inside

by Tim Burke
Tuesday, April 10, 2012

 

Don’t underestimate the threat to your business posed by insider data theft. The risk is real and you are not being paranoid if you worry about it. 

 

Consider, for instance, these disturbing factoids from a Symantec-sponsored 2011 study ominously entitled Behavioral Risk Indicators of Malicious Insider Theft of Intellectual Property: Misreading the Writing on the Wall, which closely examined 50 insider thefts:

 

More...


Beware of FUD

by Tim Burke
Thursday, April 05, 2012

Combine Fear, Uncertainty, and Doubt — and you get FUD, which has been on my mind lately because it so often involves attempts to thwart adoption of newly emerging, better solutions. Consider these two tales of FUD:

The first tale, from the late 1880s, is often referred to as the War of Currents. It's about a powerful group of direct current (DC) supporters who fought fiercely against the new, more cost-effective alternating current (AC) with a range of FUD stunts, from electrocuting animals to building the first electric chair. DC's supporters eventually lost — because FUD can slow, but not stop, real progress.

The second tale is a contemporary one involving Cloud Services — and, sadly, concerns the same techniques used during the War of Currents: FUD.

Cloud can reduce IT spend without loss of capability (or security). Cloud can even streamline what IT can do for a business. That inexorable reality has some upset enough to try to scare folks away from Cloud Services so they'll stick with costly, arcane solutions.

If marketing chatter is making you unsure, talk to a trusted technology adviser to understand your options. Don't let your plans succumb to FUD.



Categories: Business-critical Data | Cloud Computing | Data Loss Prevention | Data Security | Information Security | Managed Services | Security



It’s 11 PM … Do you know where your data is?

by Tim Burke
Tuesday, March 27, 2012

Just about every day, I hear yet another horror story about data loss. 

 

To my ears, that term — ‘data loss’ — doesn’t do the problem justice. ‘Data loss’ sounds almost innocuous, too much like ‘Gee, I misplaced my gloves, anybody seen them around?’

 

More...


Security holes that’ll keep you up at night: Doing some data breach math

by Tim Burke
Tuesday, February 28, 2012

Over the last few weeks, I’ve taken a look at what you can do to boost your organization’s IT security. But it occurs to me that maybe I’ve put the cart before the horse.

 

So I’m going to spend the next few weeks delving into the sort of threats your business’s IT infrastructure faces. And I’m going to start with data breaches and the most recent big-headline example: Zappos (parent company is Amazon.com), which last month admitted it suffered a data breach that compromised 24 million customer accounts.

 

More...


Curing Those Security Blues

by Tim Burke
Tuesday, February 14, 2012

Are you suffering from security fatigue? Find yourself getting irritated when your IT folks bring up yet another security issue? You're not alone. Lately I've been witnessing a good deal of security fatigue in the executive suite, and I'm not surprised.


Truth is, security remains a never-ending process. The easier we make it to move data, the more vulnerable it is to loss or theft. In fact, our Page 1 story this issue on Data Loss Prevention is all about how easy it is for too many employees to make off with sensitive, proprietary information.


But you're sick of hearing about it all, right? Well, maybe it's not security you're tired of, but the endless stream of checks you've been writing to buy security products that leave you less than secure.


As readers of this blog know, I've long been an advocate of buying capability rather than product. Want to be sure Salesman Bob, who's just resigned to go to work for a competitor, doesn't walk away with all your customer data to help him in his new job? Don't just buy a product. Look for a way to get the capability to protect your data.


You can't escape spending on security, but you can make each dollar work to deliver the functionality you need.



Categories: Assessments | Data Security | Information Security | Intrusion Detection | Vulnerability



Quest’s 10 ways to boost business IT security in 2012: #9 and #10

by Tim Burke
Tuesday, January 31, 2012

For quite some time, small and midsized businesses dared to feel safe from most malicious attacks — thanks to their relative smallness. Over the last couple of years, that’s been changing, because larger firms are tightening defenses and, as I’ve said before, the bad guys exploit opportunity.

 

Which is why shoddy IT security is a wide open opportunity for hackers to rip you off. 

 

So I’m finishing our list with two elements easily overlooked as you face the hassles of keeping up with criminal creativity.

 

#9 Educate your employees about security

 

More...


Quest’s 10 ways to boost business IT security in 2012: #5 and #6

by Tim Burke
Tuesday, January 24, 2012

It’s appropriate, I suppose, to think of Quest’s list of 10 ways to boost security as layers: Strategy and guiding principles first, then infrastructure basics you may not have considered much. And now a couple of layers that address some of what are sure to rank among 2012’s imminent threats …

 

#5 Deploy computer security incident response capabilities to better address advanced persistent threats. 

 

Too often, attacks and breaches take weeks, months, and even years to be uncovered. According to Verizon’s 2011 Data Breach Investigations Report (which includes information from the U.S. Secret Service and the Dutch National High Tech Crime Unit as well as Verizon’s information), 38% of data breaches aren’t discovered for weeks, and 36% aren’t discovered for months.

 

More...
